Android Security

July 11, 2014 at 11:44 pm | Posted in Computers, Internet, Online services, Security, Software, Web Apps | Leave a comment

I’ve noticed that a lot of smart-phone users don’t take their security as seriously as they do on Windows machines. They’re happy to surf the web without virus protection and to install software with rather appalling permissions. I’ve seen simple games wanting access to your call history, data, identity, location and more – yet they’re recommended by the Play store. Clearly, their standards are not mine.

Android has become the most widely used OS in the world. It dominates mobile devices. So it’s become a target for trouble. And for the modern trend of collecting user info and selling it.

Fred Langa recently wrote a good overview of some of the apps you might find useful for Android security. He reviews AV suites, Password management, device recovery, wiping, and VPNs.

I’ve been surprised how robust the Android security suites have become. Fred mentions Lookout, which I’m not familiar with. He runs through its features, making it a good comparison point for other suites. He also notes that there is some garbage posing as security software – you do want software you can trust. I’ve been using ESET Antivirus for some time on my PCs and have been very happy with it. So it’s a natural that I checked out ESET’s Android offering. I was surprised to discover they were actually underselling it on the web site.

The app walks you through setting up each section as you choose to activate that feature set. If it recommends setting changes, it gives you easy access to those settings. I didn’t have a need for ‘Call and SMS Blocking’ but the rest of it was rich with features I found useful.

When I tried to register on the web site for an anti-theft account prior, it failed. But when I registered through the app, it worked fine. Not sure why they have a register option on the web site when it’s the device that has to register. I was then able to test the anti-theft features on-line. It did catch a picture of me and did show the phone’s location within about 5 meters. (That’s controlled by the area and the phone’s GPS.) If you’re prone to leave your phone places, that can be really handy. You can also text commands much as Fred describes in the article, like locking the phone, having it make a loud noise, and so forth.

Most satisfying to me was the ‘Security Audit’ feature as I’d become concerned about the behaviour of some apps and I wasn’t as informed when setting the phone up. Indeed, it found one of the games had infection issues through its advertising. And a few apps had stepped over reasonable permission bounds. ESET takes you right to the app’s permissions and uninstall if you need it.

The free version has somewhat reduced features but is fully functional. It’s clear in the app which parts you’re test-driving during the 30 day free trial. Scroll down the page here to see a comparison chart of the differences.

Premium ESET is currently on sale for $10/ year, $15 for 2. From Fred’s article, $15/yr seems typical for paid versions, though Lookout is $30. ESET is usually in the middle.

If you travel a lot or use public hot spots, a VPN can much improve security – especially if you need to do some banking or some such. Fred reviews some of those options. Device recovery and system wiping tools are included in some AV suites, like the above, but he also suggests stand alone ones if that’s needed.

Finally, Password management. For this, you want a tool that’s useful both on your PCs and mobile. Fred suggests several which basically mean having 2 or more password stores.  Not very efficient to have different passwords in different places – the one you need is the one that will be stored somewhere else.

As readers here know, I’m a fan of LastPass, a free PC password manager. The premium version, for $12 a year, adds many other features including mobile access to your password vault from any device. It also allows you to separate work and home passwords, create family shared ones, and adds enterprise tools.

Safe surfing, wherever you are.
David

Troubles in the CASL

July 2, 2014 at 6:20 pm | Posted in Computers, Economoney, Internet, Online services, Software | 3 Comments

Recently in Canada, a lot of small businesses and charities have been quite concerned. On July 1, new anti-spam legislation came into effect here. Many small organizations depend on low-cost messaging services to communicate and advertise. A few have been a little sloppy about their lists.

While anti-spam legislation is a good idea, when they define it with terms like “electronic address”, there are issues. Everything on the Internet has an electronic address. Also, very little spam originates from where the legislation will have any effect. Estimates I’ve seen suggest 2%.

The main thing you need to understand is that CASL is mostly about email, though Instant Messaging and SMS are included. It’s about sending directly to a person’s electronic address, typically to many such at a time.

If you’re doing so without their documented consent through some sort of relationship, this is now spamming and subject to fines. (See the implicit/explicit summary below.) Thus, you want to ensure your newsletter/emailing list is fully Opt-in. If you’ve been using a service like MailChimp or Constant Contact, they will normally do a confirmed or double Opt-in. The end user enters an email address on-line or clicks a link and the system sends them an email to confirm – click and done. Even many blog comment subscriptions double-confirm now (on WordPress).

However, if you’ve manually entered people’s email addresses or your list is mostly imported, then you will want to ask your subscribers to re-verify with a new Opt-in. You’ve probably seen a bunch of such emails yourself. Constant Contact handily offers a “CASL Template” for doing so. The user clicks the email link and it’s done. (Though you’ll need to edit the Contacts, Signup Tools, Change of Interest email as that’s what they’ve used for an email post-confirmation – just make the message more generic.) Constant Contact has said they’ll be exposing the confirmed data in reports later this month. Managing will thus be easy.

With Constant Contact, you may also wish to update your email headers to add the Confirmation option to all emails as well.

So far MailChimp has offered an overview article on the subject. That makes setting up a confirmation email much more involved, not to mention managing the results. MadMimi just refers to the US CAN SPAM law with a link to the CASL site. Even less helpful.

If you’re emailing large groups from your home computer with no unsubscribe link and no opt-in routine, you’re falling further and further outside the law in N. America. Not such a cheap option if you get fined. If your list is under 2,000 in size and you don’t send a ton of messages, MailChimp and MadMimi are both free. I’d suggest that after you import your list, your first order of business will be to send a verification email to get everyone to opt in. Or you drop them.

You also then get all the advantages of reporting, subscription management and so forth. Much easier to manage. And the templates help you to easily design professional looking messages.

All of this will ensure your Contact list is compliant. It may also save you a bit of money as you purge email addresses that have gone stale – just look at your Open vs Send rates. Many abandon free accounts over time. And some ISPs no longer bounce stale addresses as it can lead to them getting on spam lists, ironically.

Updates that you post on your blog, Twitter or Facebook are sent to yourself. People who then wish to partake of these updates can then choose to view or subscribe. No worries there, in spite of some comments in the news. CASL does not apply.

EasyDNS has offered an excellent summary of implicit and explicit consent and why sending an unsubscribe reminder (Opt Out) won’t cut it.

Also note that you have time. The government does not plan to enforce this for 3 years. But don’t wait – it will take time to herd your cats and you don’t want to wander onto someone’s radar meantime.

Finally, here’s a review of a CRTC presentation on the topic that should ease some minds. But it also highlights the vague language in the legislation. It’s also notable it covers unauthorized software installs but is again a little vague on meaning.

If you have any experience dealing with emailing services we’d be interested in hearing how well they supported you with CASL.
David

UPDATE – see comments

The Pitchforks are Coming

July 2, 2014 at 5:30 pm | Posted in Economoney, History, Media | Leave a comment

An essay from a .01%er, Nick Hanauer, on why the increasing disparity between the wealthy and the poor is bad for everyone. And why a living wage will restore the middle class and help support the wealthy to stay such.

As he correctly observes, no civilization has Ever lasted when this income disparity has continued. It either becomes a police state or a revolution. Always. The question is only when.

He gives a few real examples where his ideas have worked while observing how trickle-down is not working. “the highest rate of job growth by small businesses are San Francisco and Seattle. Guess which cities have the highest minimum wage? San Francisco and Seattle.”

Dear 1%ers, many of our fellow citizens are starting to believe that capitalism itself is the problem. I disagree, and I’m sure you do too. Capitalism, when well managed, is the greatest social technology ever invented to create prosperity in human societies. But capitalism left unchecked tends toward concentration and collapse. It can be managed either to benefit the few in the near term or the many in the long term. The work of democracies is to bend it to the latter. That is why investments in the middle class work.

I’m not an economist but I agree the imbalance needs correction – for so many reasons.
David

Dolphins are Non-Human Persons

June 24, 2014 at 2:30 pm | Posted in Economoney, Media, Movies, Nature, Science | Leave a comment

An interesting article on news that India has declared dolphins to be non-human persons. They’re banning the “import, capture of cetacean species… for commercial entertainment, private or public exhibition and interaction purposes whatsoever.”

Whereas cetaceans [marine mammals] in general are highly intelligent and sensitive, and various scientists who have researched dolphin behavior have suggested that the unusually high intelligence; as compared to other animals means that dolphins should be seen as ‘non-human persons’ and as such should have their own specific rights and is morally unacceptable to keep them captive for entertainment purpose…

This does not mean human rights but rather “Unlike… positive rights, such as the ‘right’ to education or health care, the animal right is, at bottom, a right to be left alone… It only requires us to stop killing them and making them suffer.”

This comes out of a 2011 meeting of the American Association for the Advancement of Science gathering support for the 2010 Declaration of Rights for Cetaceans:

1. Every individual cetacean has the right to life.
2. No cetacean should be held in captivity or servitude; be subject to cruel treatment; or be removed from their natural environment.
3. All cetaceans have the right to freedom of movement and residence within their natural environment.
4. No cetacean is the property of any State, corporation, human group or individual.
5. Cetaceans have the right to the protection of their natural environment.
6. Cetaceans have the right not to be subject to the disruption of their cultures.
7. The rights, freedoms and norms set forth in this Declaration should be protected under international and domestic law.
8. Cetaceans are entitled to an international order in which these rights, freedoms and norms can be fully realized.
9. No State, corporation, human group or individual should engage in any activity that undermines these rights, freedoms and norms.
10. Nothing in this Declaration shall prevent a State from enacting stricter provisions for the protection of cetacean rights.

(the linked article is missing the last 3)

In my local community, Orcas have been removed from the local aquarium but they still have dolphins and belugas, so there is a move to ban all cetaceans from display for entertainment purposes. What makes it messy is they present as a “research aquarium” and consider that work critical. While I certainly agree marine research is very important, tying it to funding by using research subjects for public entertainment is highly questionable and an inherent conflict of interest.

Waterproof IMAX cameras are far less expensive and invasive to use in exposing us to marine life.

The article closes with this question: “Once we give rights to some animals how do we justify our continued exploitation of others?” Another recent local controversy is violent abuse of dairy cows. But as one article commented, the entire treatment of animals as a commodity on factory farms is abuse. Films like Food Inc. have spoken to this.
David

Network Media Centre

June 19, 2014 at 1:56 pm | Posted in Computers, Hardware, Internet, Media, Online services, Security, Software, Technology | Leave a comment

In recent years, how we consume media has changed markedly. Video rental stores have mostly died. Some have cancelled their cable service. Flat screen TVs, then Smart TVs (with built-in computers) have become common. On-line media sources as well. Movies now offer digital copies and so on.

If you mainly get your services from online sources like Netflix and Hulu, then you want a Smart TV or attached media box with a wireless keyboard and a smart remote like LG’s Magic Remote. (a standard TV remote is near useless for web browsing and such)

But if your main source is local digital media, like your movie, photo and music collections, you need a local storage solution. It might seem like hooking your computer up to your TV is a great idea, but that’s not likely to be convenient for how you normally use it. It will also create issues with backup sizes. Plus, I’ve found that TV media serving software tends to bog your computer and doesn’t update changes reliably.

Custom-building a PC as a media server may seem like a great idea, but the form factor and energy consumption are not as good. And PCs need all those fricking updates.

Your better solution is a NAS (Network Attached Storage) that includes a media server. These are energy efficient boxes designed for handling large media files. They’re somewhat similar to an external hard drive except they plug into your network (typically the router) and contain a small computer that allows them to handle several drives. They’re a natural for the job.

You do need to check it will work for your setup though – will it hold drives large enough for your growing media collection? And does it have the right kind of media server for your TV? Typically DLNA is supported by Smart TVs but do check yours. Can your TV even connect to a network? Smart TVs do.

In my own case, I have an LG Smart TV and their Magic remote.

Normally with a NAS, the drives are set up to appear as a single massive drive or are mirrored in pairs. A mirrored drive creates an immediate backup of everything that’s on the main drive. This is a common practice on servers. You get half the available space but a perfect backup.

When you buy a NAS, it doesn’t typically come with drives pre-installed – you choose your own. The exception would be some home offerings like HP’s My Cloud models. They’re more limited and pricey but get good reviews. The reviews oddly seem to compare wildly different types of NAS (with huge variations in price) rather than separating out home and business systems. Ideally, you get matching drives – especially if you’re going to mirror them. But you can start with one and add the other later.

I got a Shuttle OmniNAS KD20 on sale. This is a basic model made by an established small-format computer maker. It’s not a fast NAS but is much less expensive than many and does fine at turning your TV into a media centre from local content. We’re not talking about your office data centre here. The box is well designed and I found it very straightforward to set up. They indicate it’s supported by Win XP+, Mac and Linux.

In buying drives, the OmniNAS supports 2 drives up to 4TB each for max of 8 TB. That’s a lot of media. The WD Reds get the best reviews for the purpose, but this is a budget project. I found 2x 3TB Seagate external drives that were on sale for much less than the bare drives. Removing them from the case is straightforward but this does void the warranty. Thus it’s a good idea to test the drives in their cases prior to removal, if you take such a route. It’s also a slight bit more work.

Also note that setting up the NAS will erase anything on the drives, so copy anything off them before installing in the NAS. They’re generally configured to be in an array in a NAS. That way they appear as a single drive on the network.

In my case I was disassembling Seagate Expansion drives and used the free Seatools to test the drives prior. Seatools is not restricted to Seagate drives. This video reviews both the testing and the drive removal for that model. Shims do a better job than a screwdriver to avoid breaking the clips or damaging the surface – then you have spare cases for another external drive.

The OmniNAS supports both PC and laptop-sized SATA drives. Installing the drives is straightforward. Just follow the Quickstart Guide. You screw them onto the drive tray, then slide them in. Screws provided, as was a network cable. Plug it in and turn it on, voilà!

You then install Finder software on your PC. You can get the newer version from the web site. This finds the NAS on the network, then opens a browser window to configure the device.

It will ask for an Admin password, then later wants to set up a username and password. Make sure you have strong passwords, especially if you plan to share the media through the Internet. A tool like LastPass can help you track all your passwords securely.

I highly recommend you install the Firmware upgrade through the browser interface. (See the Downloads tab.) The problems I saw reported with the unit when I researched it prior are addressed with this update. If you lose access to it on the network prior to updating, shut it down and then restart.

Be sure to edit the Workgroup name to match your LAN if it’s not the default “Workgroup”. (on your computer, right-click My Computer and select Properties. Scroll down to see the Workgroup name)

In my case I set up mirrored drives as the backup was more useful than all that drive space. I can easily change that later if I need more space.

Share Box sets your NAS up to serve media onto the Internet as your own “private cloud”, accessible from your Internet connected devices. Basically your own Dropbox service. This is done through an Omninas domain portal. You can skip that and set it up later if your main desire is for your local network and TV.

The box has a Twonky DLNA media server included free, which the LG TV happily and easily supported. Anything added to the “disc” folder is available to the TV. I added a lot of files – this took a bit of time to copy over on my non-Gigabit network – but the NAS had no trouble serving it all. In contrast, the LG PC software choked on a fraction of it and didn’t update reliably.

It also has an iTunes server, if you’re in Mac world or like serving your media that way. If not, turn it off.

And it has a print server to share your USB printer on the network. And an SD card reader and USB ports if you want to add or copy media that way.

It even has a torrent server, although you have to disable the media server for that. Several reviews criticised that but it may be a security measure.

The OmniNAS also comes with a copy of Acronis imaging software if you wish to use the NAS for your backups as well. It will work fine with recent editions of Microsoft Backup and Mac Time Machine as well – in fact any software that will back up to network locations.

If you want your backup to also serve as a remote access store, use a tool like Cobian Gravity that copies files rather than images them. Imaging software is ideal for the operating system and programs but copy software is better for your files to ensure immediate access in the event of trouble.

If you Map the network drive, then the NAS shows up as a drive in Windows Explorer and such making file transfer easier.

For simplicity, I set up the free Microsoft SyncToy to echo to the NAS some of the media folders like Photos. I like copies of those on my computer, so when I update them, SyncToy will match all the changes to the NAS.

Then you can have slide shows, music playlists, and more on your TV. It becomes today’s stereo. If you have surround speakers, it’s better even than an old Quad system. Any other devices on your network also have access to all the content now too.

And if you also want to access that media on your tablet, smartphone (Android or iPhone apps in the Stores) or laptop on the road, Share Box to the rescue. No worries about storing your stuff on someone else’s servers. If you’re a small business person, you can back up your documents to the NAS, ensuring both a backup and that you always have access. No worries about remote access to your PC. (Note the comments about backup types above if you want document access – don’t image those files.)

I’ve been much happier with the OmniNAS than serving from my laptop. It’s been more reliable, frees up computer resources, and provides another layer of backup.
Have fun!
David

Hardware Commons

June 10, 2014 at 10:30 am | Posted in Design, Economoney, Hardware, History, Internet, Media, Science, Technology | Leave a comment

Just as software has its open source and licensing has Creative Commons, open knowledge of hardware is crucial for us to grow as a society in healthy ways. I recently wrote a similar article on network infrastructure – an open Internet.

Why is this even an issue? Current laws concentrate knowledge into property rights for economic control rather than the common good. Corporate structures, treated legally as a person and thus given the same rights, are concentrating economic activity into monopolies. The result is the concentration of knowledge and wealth in a progressively smaller group, the so-called 1%. (although that’s overstating it now) This has historically destabilized and destroyed civilizations.

If we’re going to learn the lessons of history, we need more balance and a more diversified economy. We need opportunity in the commons and that is best served by accessible knowledge.

“This increased access to knowledge is hugely important…it acts as the foundational infrastructure on which we can start to build a whole new economy.”
– Alastair Parvin of WikiHouse

This video outlines how it can be applied to hardware:

And this page lists 10 open hardware projects. If you’ve been around long enough you’ll recognize the Access to Tools theme that was common in the old Whole Earth Catalogue. It was also a theme of R. Buckminster Fuller.
David

Free PhotoShop

May 22, 2014 at 8:56 am | Posted in Design, Software, Web Design | 2 Comments

For those who work in web design, art, scanning, photography, and so much more, PhotoShop is usually their workhorse. It does have a learning curve but a good reference book will help you learn the parts you need – filters, layers, actions, and so forth. You can also get “recipe” books that show you the steps for specific effects. And there’s a ton of help on-line too.

But PhotoShop is also not cheap. Many began using it as students when they could get less expensive versions. Then periodic less-expensive upgrades kept them current.

Adobe has introduced Elements versions of some software, including PhotoShop. They’ve also introduced a web Express version. But none of these meet the power and control of the real thing.

Much more recently, Adobe has begun offering a legacy version (CS2) of PhotoShop for free (Windows and Mac). This is still a very full-featured program and runs fine on current OS’s. (available for Windows or Mac) Just look at the new features listed. And do note the serial number – it’s required.

It’s worth your time to learn and will serve you for many years into the future.
David

Look Up, Live

May 16, 2014 at 9:33 pm | Posted in Computers, Internet, Media, Online services, Psychology, Technology | Leave a comment

Look Up…   a rap on engaging with life, with people. Not so much with technology.

http://www.youtube.com/watch?v=Z7dLU6fk9QY

Solar Roadways

May 5, 2014 at 4:21 pm | Posted in Design, Economoney, Hardware, Media, Science, Technology | 1 Comment

What if your new driveway powered your house? And ran your car. And connected you to the Internet, telephone and TV. And kept itself clear of snow. And paid for itself.

It’s a real product.

https://www.youtube.com/watch?v=SNMFKKyFU60

And they’re doing an IndieGoGo funding round to take it to the next level. It’s already had real-world testing.

It will also optionally process polluted stormwater…

Culturing Creative Genius

April 14, 2014 at 3:45 pm | Posted in Books, Psychology, Writing | Leave a comment

Here and there we see books and studies of the highly successful. Behaviours we can emulate to achieve success. A new book takes a little different tack. Daily Rituals: How Artists Work by Mason Currey examines the habits of 161 creative thinkers and artists, many well-known.

In this review by Sarah Green in the Harvard Business Review, she describes The Daily Routines of Geniuses. Some of them you’ll find in most success books too. But the creative angle brings out other nuances. She quotes the book: “A solid routine fosters a well-worn groove for one’s mental energies and helps stave off the tyranny of moods.”

The reviewer notes “I began to notice several common elements in the lives of the healthier geniuses…” They were:
A workspace with minimal distractions
A daily walk – some long
Accountability metrics
A clear dividing line between important work and busywork
A habit of stopping when they’re on a roll, not when they’re stuck
A supportive partner
Limited social lives

Not that I’m a famous genius but I can add a few points to the excellent article.

She mentions how email comes in constantly. I long ago set my email up to not check automatically but rather I check manually so I could process it in bursts, at a break.

For myself, taking a break when you’re stuck is a good idea. Then you can come back fresh. But you may need to work through ongoing resistance. I also don’t break when I’m on a roll because the best stuff can come out then. However, that can result in an odd eating schedule on occasion.

As for the partner, there does need to be life balance in there for an effective relationship. It helps if they’re flexible about the inspiration though. As for “limited social lives”, that would be a less healthy trait. A lot of creative work is done solo. I learned that a balanced life includes a social life and became more intentional about that. It’s all too easy to put a life aside if the muse is strong.

One thing she mentioned but didn’t highlight would be “catching the muse when it shows up”. I have post-it notes around the place and keep paper & pen with me to capture ideas when they show up. They tend not to create memory impressions so can be lost like waking from a dream if they’re not noted. While this isn’t directly part of a daily routine, it is an important ritual.

I also recommend Elizabeth Gilbert’s distinction between Being a genius and Having a genius. While we can manage our lifestyle around genius and culture it, genius itself is not something we control. It is a gift rather than a trait. We must be prepared for when the wind rises and the light shines. Then we can capture a little of our creative genius.
David
